Malware such as viruses can be detected in various ways, such as by using heuristics to spot potentially malicious activities, by analyzing software behavior logged while running the software in an emulation, in a “sandbox,” and/or in another segregated environment, and by comparing software content to a dictionary of known malware signatures. Although malware detection tools continually improve, malware developers also continue to devise new malware variations and new mechanisms for planting malware in computer systems. For example, in addition to embedding malware in application executable code files, some perpetrators now embed malware in HTML files, in PDF files, and in other files that contain user-generated and/or server-generated content. In particular, files may contain obfuscated malware that is implemented in JavaScript® code (mark of Oracle America, Inc.), in other interpreted code, and/or in other languages which utilize bytecode.